Leader of FBI-hunted gang arrested in Geneva
The suspected cybercriminal is to be extradited to the United States.
Image: watson/Shutterstock
The alleged boss of a cyber gang that stole tens of millions of dollars with the banking Trojan "JabberZeus" has been arrested in Geneva. The Federal Office of Justice confirms that a Ukrainian national is in extradition custody.
Published 11/16/2022, 5:13 p.m.; updated 11/17/2022, 3:19 p.m.
The American IT security researcher Brian Krebs published an explosive report on Tuesday evening on his blog "Krebs on Security": the 40-year-old Ukrainian leader of the notorious "JabberZeus Crew" had been arrested by police in Geneva.
According to his report, the JabberZeus Crew is a small but powerful group from Ukraine and Russia that attacked its victims with a customized version of the Zeus banking Trojan. The members of the group are wanted by the FBI. According to US prosecutors, they stole more than $70 million from companies.
What does the federal government say?
At Watson’s request, the Federal Office of Justice confirmed that such an arrest had taken place in Geneva. Media spokesman Raphael Frei:
"By order of the Federal Office of Justice (FOJ) and on the basis of an extradition request from the USA, a Ukrainian national was arrested in the canton of Geneva on October 23, 2022 and placed in custody pending extradition. The US authorities accuse the wanted person of, among other things, extortion, bank fraud and identity theft."
The arrested man is contesting his extradition, so far without success, as the FOJ further reports.
“At his hearing on October 24, 2022, the person being prosecuted did not consent to being extradited to the United States under a simplified procedure. After completing the formal extradition process, the FOJ decided on November 15, 2022 to grant his extradition to the United States.”
The decision of the Federal Office of Justice can still be appealed to the Swiss Federal Criminal Court or the Federal Supreme Court.
Who is the alleged boss of the gang?
Update: According to BleepingComputer, the arrested man was also one of the managers of the Maze and Egregor ransomware operations. Maze ransomware popularized double-extortion attacks, in which the attackers also steal data and use it as leverage to pressure victims into paying a ransom. Maze was later rebranded as the Egregor and Sekhmet ransomware operations to evade prosecution.
According to Brian Krebs, the man comes from Donetsk, a traditionally Russia-leaning region in eastern Ukraine that was illegally annexed by Russia.
Nicknamed "Tank," he was indicted under seal by US prosecutors in 2012 for allegedly using the Zeus malware and botnet to steal bank account credentials.
In his hometown he is a well-known DJ who enjoyed being chauffeured around in his high-end BMWs and Porsches. More recently, he has invested quite heavily in local businesses.
As Krebs writes, the cybercriminal escaped prosecution in Ukraine more than ten years ago because he had political ties to the ousted Ukrainian President Viktor Yanukovych.
According to Krebs, in 2010 he was tipped off that the Security Service of Ukraine (SBU) was preparing search warrants for his home, a leak attributed to the widespread corruption within the agency at the time.
Another member of the JabberZeus gang – a Ukrainian-born man nicknamed “Aqua” – is also currently wanted by the FBI, according to Krebs. He has a $5 million bounty on his head.
Other members of the gang had previously become known. Two Ukrainians extradited from the UK to the US in 2015 have pleaded guilty to conspiracy and are reportedly serving their sentences.
How did the gang operate?
After the criminals had stolen the online-banking credentials (login and password) from their victims' computers using their malware, they logged into the victims' bank accounts unnoticed. They then altered the companies' payroll to add dozens of so-called "money mules," criminal helpers recruited to process illegal bank transfers. The mules then forwarded the money, minus their commissions, abroad by bank transfer.
The group is said to have primarily hacked small and medium-sized companies in the United States of America and Western Europe and plundered company accounts.
JabberZeus is a special, customized version of the notorious Zeus banking Trojan, developed by the alleged author of Zeus, Evgeniy Mikhailovich Bogachev, a top Russian cybercriminal.
The name comes from the Jabber instant-messaging protocol (XMPP), which was built into the malware. Whenever a victim logged into their online-banking account, the Trojan sent the captured login data to the gang via a Jabber message, so the criminals were notified in real time and the theft went unnoticed by the victim.
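That real-time Jabber notification is also the behaviour a defender can hunt for: an infected workstation reaches the bank's website and, seconds later, opens an outbound XMPP connection to a server the company never sanctioned. The following detection logic is an added example written for this article, not code from Krebs, the FBI or any of the sources cited; the flow records, host names and banking domains are constructed, and the list of known banking portals and approved Jabber servers are assumptions a real deployment would replace with its own inventory.

```python
"""Added example: correlate a banking login with a follow-on outbound XMPP
(Jabber) connection from the same host, the pattern JabberZeus produced.
All data below is constructed for illustration, not real traffic."""
from datetime import datetime, timedelta

# Constructed connection-log records: timestamp, source host, destination, port.
SAMPLE_FLOWS = """\
2022-10-20T09:01:02 ws-finance-07 online.examplebank.test 443
2022-10-20T09:01:09 ws-finance-07 xmpp.attacker-c2.test 5222
2022-10-20T09:05:00 ws-dev-03 chat.corp.test 5222
2022-10-20T09:06:00 ws-dev-03 xmpp.public-im.test 5222
2022-10-20T09:30:11 ws-finance-02 online.examplebank.test 443
2022-10-20T09:45:00 ws-finance-02 chat.corp.test 5222
"""

# Assumptions for the example: the organisation's known banking portals and
# the only Jabber server its users are allowed to talk to.
BANKING_HOSTS = {"online.examplebank.test"}
APPROVED_XMPP_SERVERS = {"chat.corp.test"}
# Standard XMPP client ports (5222 STARTTLS, 5223 legacy direct TLS).
XMPP_PORTS = {5222, 5223}
# How soon after a banking login an XMPP connection is considered suspicious.
WINDOW = timedelta(seconds=60)


def parse_flows(text):
    """Parse the whitespace-separated log into (datetime, src, dst, port) tuples."""
    rows = []
    for line in text.strip().splitlines():
        ts, src, dst, port = line.split()
        rows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return rows


def find_jabber_after_banking(flows, window=WINDOW):
    """Return alerts as (src host, banking host, xmpp host, seconds between).

    A host is flagged only when an outbound connection to an unapproved XMPP
    server follows a banking connection from that host within `window`.
    """
    last_bank = {}  # src host -> (timestamp, banking host) of the latest banking connection
    alerts = []
    for ts, src, dst, port in sorted(flows):
        if port == 443 and dst in BANKING_HOSTS:
            last_bank[src] = (ts, dst)
            continue
        if port in XMPP_PORTS and dst not in APPROVED_XMPP_SERVERS and src in last_bank:
            bank_ts, bank_host = last_bank[src]
            if ts - bank_ts <= window:
                alerts.append((src, bank_host, dst, int((ts - bank_ts).total_seconds())))
    return alerts


if __name__ == "__main__":
    for alert in find_jabber_after_banking(parse_flows(SAMPLE_FLOWS)):
        print("ALERT: %s reached %s then contacted XMPP server %s after %d s" % alert)
```

Only ws-finance-07 is flagged: ws-dev-03 talks to an unapproved Jabber server but never touched the bank, and ws-finance-02 uses the sanctioned corporate server. The correlation is what keeps the rule quiet in an office where legitimate XMPP is in use. Its obvious blind spot is a bot that tunnels its Jabber traffic over port 443 or a non-standard port, so in practice the port check should be backed by protocol identification or TLS SNI rather than the port number alone.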